By Ron Benvenisti. More than 200,000 network-connected infusion pumps used in hospitals and healthcare entities with 75% of those medical devices having dangerous security weaknesses that put them at risk of potential exploitation.

“These shortcomings included exposure to one or more of some 40 known cybersecurity vulnerabilities and/or alerts that they had one or more of some 70 other types of known security shortcomings for IoT devices,” Unit 42 security researcher Aveek Das said in a report published Wednesday.

Successful exploitation of the vulnerabilities could result in leakage of sensitive information pertaining to patients and allow an attacker to gain unauthorized access to the devices, necessitating that health systems are proactively protected against threats which can alter the amount of insulin, chemotherapy drugs and other vital medicines which can lead to emergency complications up to and including deaths.

Palo Alto Networks’ threat intelligence team said it obtained the scans from seven medical device manufacturers. On top of that, 52.11% of all infusion pumps scanned were susceptible to two known vulnerabilities that were disclosed in 2019 as part of 11 flaws collectively called “URGENT/11”:

• A buffer overflow flaw in the TCP component of Wind River VxWorks
• An issue with incorrect access control in the DHCP client component of Wind River VxWorks
• An unauthorized user with physical access to an Alaris 8015 Point of Care units may be able to disassemble the device to access the removable flash memory, allowing read-and-write access to device memory
• A credential management error in Alaris 8015 Point of Care units that could be exploited to gain unencrypted wireless network authentication credentials and other sensitive technical data
• An improper session authentication vulnerability in Alaris 8015 Point of Care units that could be abused to perform a denial-of-service attack on the devices
• Cleartext transmission of sensitive information in Sigma Spectrum Infusion System
• Use of hard-coded FTP credentials in Baxter Spectrum WBM
• Use of hard-coded Telnet credentials in Baxter Spectrum WBM
• Baxter Spectrum WBM FTP service remains operational after its expected expiry time until it’s rebooted
• Baxter Spectrum Wireless Battery Module (WBM) permits data transmission and command-line interfaces over Telnet

Last year, McAfee disclosed security vulnerabilities affecting B. Braun’s Infusomat Space Large Volume Pump and SpaceStation that could be abused by malicious parties to tamper with medication doses without any prior authentication.

The discovery “highlights the need for the healthcare industry to redouble efforts to protect against known vulnerabilities, while diligently following best practices for infusion pumps and hospital networks,” Das said.

How The FDA Defines Infusion Pumps

An external infusion pump is a medical device used to deliver fluids into a patient’s body in a controlled manner. There are many different types of infusion pumps, which are used for a variety of purposes and in a variety of environments.

Infusion pumps may be capable of delivering fluids in large or small amounts and may be used to deliver nutrients or medications – such as insulin or other hormones, antibiotics, chemotherapy drugs, and pain relievers.

Some infusion pumps are designed mainly for stationary use at a patient’s bedside. Others, called ambulatory infusion pumps, are designed to be portable or wearable.

Several commonly used infusion pumps are designed for specialized purposes. These include:

• Enteral pump – A pump used to deliver liquid nutrients and medications to a patient’s digestive tract.
• Patient-controlled analgesia (PCA) pump – A pump used to deliver pain medication, which is equipped with a feature that allows patients to self-administer a controlled amount of medication, as needed.
• Insulin pump – A pump typically used to deliver insulin to patients with diabetes. Insulin pumps are frequently used in the home.

Infusion pumps may be powered electrically or mechanically. Different pumps operate in different ways. For example:

• In a syringe pump, fluid is held in the reservoir of a syringe, and a moveable piston controls fluid delivery.
• In an elastomeric pump, fluid is held in a stretchable balloon reservoir, and pressure from the elastic walls of the balloon drives fluid delivery.
• In a peristaltic pump, a set of rollers pinches down on a length of flexible tubing, pushing fluid forward.
• In a multi-channel pump, fluids can be delivered from multiple reservoirs at multiple rates.
• A “smart pump” is equipped with safety features, such as user-alerts that activate when there is a risk of an adverse drug interaction, or when the user sets the pump’s parameters outside of specified safety limits.